Select location & language
Machine translations from English provided as a courtesy.

EndyList Developers

EndyList Developer Platform

Build on EndyList.

Use the canonical task API, webhooks, MCP tools, and connector adapters to feed work into EndyList, or let trusted apps and agents read tasks back out.

Setup guide

Create one EndyList token per integration, request only the scopes that integration needs, and rotate the token if the integration moves machines or changes owners.

Reference

OpenAPI spec JSON

Privacy note

Vault encryption keeps task titles, subtask titles, and notes in the browser. APIs expose metadata and events, not a plaintext copy of a private list.

Connector rule: Keep provider tokens, secrets, and passwords in your connector service or device keychain. Store only labels, sync mode, and mapping config in EndyList.

1. Create and store a scoped token

Sign in to EndyList, create a token for the integration, copy the returned `elpat_…` secret once, and store it outside your project files. Do not commit tokens to Git.

  • Read-only dashboard: `tasks:read` or `tasks:metadata`.
  • Bot that can add tasks: `tasks:write`.
  • Completion-only agent: `tasks:read`, `tasks:complete`, and `mcp:tools`.
  • Webhook manager: `webhooks:manage` plus `events:read`.
  • Connector service: `connectors:manage`, `tasks:read`, `tasks:write`, and `events:read` when two-way sync is needed.

macOS and Linux

export ENDYLIST_API_TOKEN="elpat_replace_me"
printf '%s\n' "$ENDYLIST_API_TOKEN" | wc -c

Windows PowerShell

$env:ENDYLIST_API_TOKEN = "elpat_replace_me"
$env:ENDYLIST_API_TOKEN.Length

REST API setup

Use REST when a service needs direct task reads or writes. Mutations can include `X-EndyList-Sync-Revision` or `If-Match`; a `409` means the account changed and your client should read, reconcile, and retry.

macOS and Linux

curl -sS https://endylist.com/wp-json/endylist/v2/tasks \
  -H "Authorization: Bearer $ENDYLIST_API_TOKEN" \
  -H "Accept: application/json"

curl -sS https://endylist.com/wp-json/endylist/v2/tasks \
  -H "Authorization: Bearer $ENDYLIST_API_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"title":"Review EndyList connector","time_bucket":"today","category":"work"}'

Windows PowerShell

Invoke-RestMethod `
  -Uri "https://endylist.com/wp-json/endylist/v2/tasks" `
  -Headers @{ Authorization = "Bearer $env:ENDYLIST_API_TOKEN"; Accept = "application/json" }

$body = @{ title = "Review EndyList connector"; time_bucket = "today"; category = "work" } | ConvertTo-Json
Invoke-RestMethod `
  -Method Post `
  -Uri "https://endylist.com/wp-json/endylist/v2/tasks" `
  -Headers @{ Authorization = "Bearer $env:ENDYLIST_API_TOKEN" } `
  -ContentType "application/json" `
  -Body $body

OpenAPI client setup

Use the OpenAPI file when you want typed clients or contract tests. The public contract is available at `/wp-json/endylist/v2/openapi.json` and can also be mirrored from `/docs/openapi/endylist-v2.openapi.json` in the source repo.

macOS and Linux

mkdir endylist-openapi-client
cd endylist-openapi-client
curl -fsSLo endylist-v2.openapi.json https://endylist.com/wp-json/endylist/v2/openapi.json
npx @openapitools/openapi-generator-cli generate \
  -i endylist-v2.openapi.json \
  -g typescript-fetch \
  -o endylist-api-client

Windows PowerShell

mkdir endylist-openapi-client
cd endylist-openapi-client
Invoke-WebRequest `
  -Uri "https://endylist.com/wp-json/endylist/v2/openapi.json" `
  -OutFile "endylist-v2.openapi.json"
npx @openapitools/openapi-generator-cli generate `
  -i endylist-v2.openapi.json `
  -g typescript-fetch `
  -o endylist-api-client

Webhook setup

Use webhooks for change notifications, then use `GET /events?cursor=…` to catch up after downtime. Deliveries are signed with `X-EndyList-Signature-256`.

macOS and Linux

export ENDYLIST_WEBHOOK_SECRET="replace_with_random_secret"
curl -sS https://endylist.com/wp-json/endylist/v2/webhooks \
  -H "Authorization: Bearer $ENDYLIST_API_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"url":"https://example.com/endylist/webhook","events":["task.created","task.updated","task.deleted"],"secret":"replace_with_random_secret"}'

printf '%s' "$BODY" | openssl dgst -sha256 -hmac "$ENDYLIST_WEBHOOK_SECRET"

Windows PowerShell

$env:ENDYLIST_WEBHOOK_SECRET = "replace_with_random_secret"
$body = @{
  url = "https://example.com/endylist/webhook"
  events = @("task.created", "task.updated", "task.deleted")
  secret = $env:ENDYLIST_WEBHOOK_SECRET
} | ConvertTo-Json
Invoke-RestMethod `
  -Method Post `
  -Uri "https://endylist.com/wp-json/endylist/v2/webhooks" `
  -Headers @{ Authorization = "Bearer $env:ENDYLIST_API_TOKEN" } `
  -ContentType "application/json" `
  -Body $body

MCP agent setup

MCP is the simplest surface for a bot that should act on a list without learning the whole REST contract. Give the token `mcp:tools` plus the exact task scopes the bot needs.

macOS and Linux

curl -sS https://endylist.com/wp-json/endylist/v2/mcp \
  -H "Authorization: Bearer $ENDYLIST_API_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"jsonrpc":"2.0","id":"tools","method":"tools/list","params":{}}'

curl -sS https://endylist.com/wp-json/endylist/v2/mcp \
  -H "Authorization: Bearer $ENDYLIST_API_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"jsonrpc":"2.0","id":"add","method":"tools/call","params":{"name":"add_task","arguments":{"title":"Ask Hermes to review the list","time_bucket":"today"}}}'

Windows PowerShell

$payload = @{
  jsonrpc = "2.0"
  id = "tools"
  method = "tools/list"
  params = @{}
} | ConvertTo-Json -Depth 5
Invoke-RestMethod `
  -Method Post `
  -Uri "https://endylist.com/wp-json/endylist/v2/mcp" `
  -Headers @{ Authorization = "Bearer $env:ENDYLIST_API_TOKEN" } `
  -ContentType "application/json" `
  -Body $payload

JavaScript SDK setup

The SDK is a small ES module for local scripts and connector prototypes. It wraps REST, connector normalization, connector export, MCP calls, and webhook signature helpers.

macOS and Linux

mkdir endylist-bot
cd endylist-bot
npm init -y
curl -fsSLo endylist-client.mjs https://endylist.com/sdk/js/endylist-client.mjs
cat > bot.mjs <<'JS'
import { EndyListClient } from "./endylist-client.mjs";

const client = new EndyListClient({ token: process.env.ENDYLIST_API_TOKEN });
await client.createTask({ title: "Send planning note", time_bucket: "today" });
console.log(await client.listTasks());
JS
node bot.mjs

Windows PowerShell

mkdir endylist-bot
cd endylist-bot
npm init -y
Invoke-WebRequest `
  -Uri "https://endylist.com/sdk/js/endylist-client.mjs" `
  -OutFile "endylist-client.mjs"
@'
import { EndyListClient } from "./endylist-client.mjs";

const client = new EndyListClient({ token: process.env.ENDYLIST_API_TOKEN });
await client.createTask({ title: "Send planning note", time_bucket: "today" });
console.log(await client.listTasks());
'@ | Set-Content -Path "bot.mjs"
node bot.mjs

Connector adapter setup

Adapters convert provider-shaped tasks into the EndyList task schema and export readable EndyList tasks back into provider-shaped payloads. Use a small connector service for provider OAuth, provider polling, retries, and secrets.

macOS and Linux

curl -sS https://endylist.com/wp-json/endylist/v2/connectors/connections \
  -H "Authorization: Bearer $ENDYLIST_API_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"provider":"todoist","label":"Todoist inbox","sync_mode":"two-way","config":{"project":"inbox","mapping":"default"}}'

curl -sS https://endylist.com/wp-json/endylist/v2/connectors/todoist/normalize \
  -H "Authorization: Bearer $ENDYLIST_API_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"tasks":[{"content":"Email Ruth","due":{"date":"2026-06-30"},"priority":3}]}'

Windows PowerShell

$connection = @{
  provider = "todoist"
  label = "Todoist inbox"
  sync_mode = "two-way"
  config = @{ project = "inbox"; mapping = "default" }
} | ConvertTo-Json -Depth 6
Invoke-RestMethod `
  -Method Post `
  -Uri "https://endylist.com/wp-json/endylist/v2/connectors/connections" `
  -Headers @{ Authorization = "Bearer $env:ENDYLIST_API_TOKEN" } `
  -ContentType "application/json" `
  -Body $connection

Provider guides

These are the recommended first paths for the providers in the current matrix. Provider account consent remains a human step, and provider secrets should stay in your connector service.

Todoist two-way sync

  • Best first full two-way connector.
  • Complete Todoist OAuth or create a Todoist token in the Todoist UI.
  • Store the Todoist token in your connector service or keychain.
  • Poll Todoist Sync or REST changes, normalize payloads with `/connectors/todoist/normalize`, import with `/connectors/todoist/import`, then export EndyList changes with `/connectors/todoist/export`.
export TODOIST_API_TOKEN="provider_token_from_todoist"
curl -sS https://api.todoist.com/rest/v2/tasks \
  -H "Authorization: Bearer $TODOIST_API_TOKEN"

Google Tasks polling

  • Use Google OAuth consent with the Tasks scope.
  • Store Google access and refresh tokens only in your connector service.
  • Use `updatedMin`, paging, and deleted task flags to catch up.
  • Normalize Google task items with `/connectors/google-tasks/normalize` before import.
curl -sS "https://tasks.googleapis.com/tasks/v1/lists/@default/tasks?showDeleted=true" \
  -H "Authorization: Bearer $GOOGLE_ACCESS_TOKEN"

Linear issue mapping

  • Use Linear OAuth with PKCE for user-owned sync.
  • Map team, project, priority, issue state, assignee, and labels explicitly.
  • Use Linear webhooks as notifications, then query GraphQL for source-of-truth issue state.
  • Use `/connectors/linear/normalize` and `/connectors/linear/export` for EndyList conversion.
curl -sS https://api.linear.app/graphql \
  -H "Authorization: Bearer $LINEAR_ACCESS_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"query":"query { viewer { id name } }"}'

Asana project sync

  • Use Asana OAuth or a personal access token for your connector service.
  • Choose which workspace, project, section, assignee, and completion state map to EndyList.
  • Treat webhooks as notifications and use the Events API or task reads for recovery.
  • Use `/connectors/asana/normalize` for imports and `/connectors/asana/export` for outbound writes.
curl -sS "https://app.asana.com/api/1.0/tasks?project=$ASANA_PROJECT_GID" \
  -H "Authorization: Bearer $ASANA_ACCESS_TOKEN"

monday.com board mapping

  • Use monday.com OAuth or an API token in your connector service.
  • Map each board column to an EndyList field before writing anything back.
  • Use webhooks for board item notifications, then read item column values through GraphQL.
  • Use `/connectors/monday/normalize` and `/connectors/monday/export` after mapping is configured.
curl -sS https://api.monday.com/v2 \
  -H "Authorization: $MONDAY_API_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"query":"query { boards(limit: 5) { id name } }"}'

Sticky Notes and manual import

  • Do not scrape local desktop note stores or private app databases.
  • Prefer Microsoft To Do, OneNote, or a user-exported CSV or JSON file.
  • Run conversion locally, preview the resulting EndyList tasks, then import with `/connectors/sticky-notes/import`.
  • Use `metadata_only` or a vault-aware flow when imported note text is sensitive.
curl -sS https://endylist.com/wp-json/endylist/v2/connectors/sticky-notes/import \
  -H "Authorization: Bearer $ENDYLIST_API_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"tasks":[{"title":"Follow up from sticky note","notes":"Imported by user-approved file export"}]}'

Custom webhook source

  • Use this for tools that can send a generic webhook but do not have a dedicated adapter yet.
  • Receive provider payloads in your service, validate provider signatures, then transform to EndyList task shape.
  • POST to `/tasks` for direct inserts or `/connectors/import` for normalized batch imports.
curl -sS https://endylist.com/wp-json/endylist/v2/connectors/import \
  -H "Authorization: Bearer $ENDYLIST_API_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"provider":"custom-webhook","tasks":[{"title":"Imported from external webhook","time_bucket":"today"}]}'

Hermes, OpenClaw, and custom agents

  • Create an EndyList token specifically for the agent.
  • For a read-only agent, use `mcp:tools` and `tasks:read`.
  • For an agent that can check things off, add `tasks:complete`.
  • For an agent that can add or edit tasks, add `tasks:write` and log every action in the agent’s own audit trail.
{
  "endylist": {
    "type": "http",
    "url": "https://endylist.com/wp-json/endylist/v2/mcp",
    "headers": {
      "Authorization": "Bearer ${ENDYLIST_API_TOKEN}"
    }
  }
}